Commit Graph

1441 Commits

Author SHA1 Message Date
Thomas Zerr
a2c9ed67a3 User jwt sessions can now be endless
Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: tzerr <thomas.zerr@cloudogu.com>

Reviewed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-07-27 13:03:35 +02:00
Eduard Heimbuch
c1d7230fbd Add "enable file search" flag on global config.
Make the repository file search deactivatable
via the global config. This feature could
overwhelm the server on repositories with
millions of file therefore it now can be turned off.

Committed-by: Rene Pfeuffer <rene.pfeuffer@cloudogu.com>
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-07-06 08:47:51 +02:00
Eduard Heimbuch
0e7a3ec53b Improve general performance
- Adjust logging
- Optimize cache speed
- Cleanup classes

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>

Reviewed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2023-06-28 14:18:18 +02:00
Eduard Heimbuch
cc54e2ce6b Caches for internal stores and files
This adds optional caches for configuration stores and
backing data files for data stores.

These stores can be enabled using the system properties
`scm.storeCache.enabled=true` and `scm.cache.dataFileCache.enabled=true`.

In addition, this adds the possibility to overwrite cache configurations
from the guice cache (see file `gcache.xml`) with system properties.
The maximum size of the external group cache for example can be
overwritten with the system property `scm.cache.externalGroups.maximumSize`.

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-06-28 12:38:15 +02:00
Rene Pfeuffer
bceef8ee7c Internal server error with external groups
Fixes a null pointer exception resulting in an internal
server error in the permission overview for users with
external groups, for example from ldap or cas.

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-06-21 09:34:53 +02:00
Rene Pfeuffer
c3093a3b0d Prevent repository loading in namespace mapper
Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-06-13 16:16:15 +02:00
Rene Pfeuffer
86b8be9f17 In-memory implementations of the store api using JaxB
The new implementations are ment to be used in test
classes replacing the older implementations like
`InMemoryConfigurationStoreFactory`. The benefit
of these new classes is that the serialization using JaxB
is testet implicitly avoiding mistakes made with XML
annotations on the data classes.

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-06-07 10:04:50 +02:00
Eduard Heimbuch
a50e456969 Ignore duplicate contributors for single changeset
Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-05-25 19:26:38 +02:00
Konstantin Schaper
b812922142 Implement namespace configurations & permissions
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>

Reviewed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2023-05-25 18:51:29 +02:00
Rene Pfeuffer
8025e82b1b Use pgpainless for key generation
The library pgpainless (https://gh.pgpainless.org/) makes it much more easy to create gpg keys for new users. As a benefit, these keys can be verified by GitHub.

Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-05-08 15:31:56 +02:00
Eduard Heimbuch
c6df84557b Refactor general configuration
Use standard configuration store api for general configuration. This is best practice and also required for the audit log to work properly.

Besides that we still need to load the general configuration manually for the instance injection binding in ScmServletModules. Since the instance injection does not resolve the bindings regularly we need also still need to update the injectable scm config using the "load" hack in the resource.

Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-04-12 12:37:52 +02:00
Rene Pfeuffer
68110ee6b3 Retry failing integration tests
This uses 'RetryingTest' from junit jupiter to retry integration tests that are known to fail from time to time. We explicitly mark single tests in contrast to set a global retry to be able to trace those, whenever this is intended.

To do so, we have to update to the latest version of JUnit. Unfortunately, this brought a new behaviour for the @TempDir annotation: In contrast to the former behaviour where for one test all annotated parameters got the same directory, in the new version the parameters get different directories assigned. This led to the need of some consolidation between @BeforeEach methods and the related tests.

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-03-22 06:24:33 +01:00
Eduard Heimbuch
b511789620 Fix audit log issues:
- Use store name as label for repository related changes if no explicit labels are set.
- Introduce 'ignore' flag
- Fix missing call to store
- Create audit logs for permissions
- Set flex attributes for input field to use full available space

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-03-21 12:03:51 +01:00
Rene Pfeuffer
f3027ba9f8 Update resteasy to 4.5.9.Final
Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-03-10 08:29:34 +01:00
Eduard Heimbuch
56265be9a2 Add initial audit log API
Introduce audit log API which logs all creations,
modifications and deletions of annotated entities
and everything which is stored inside a
ConfigurationStore. Without the related Audit
Log Plugin installed this API does nothing.
2023-03-09 11:25:33 +01:00
Rene Pfeuffer
83c7e0523d Fix various performance issues
- Avoiding read attempts for stores that do not exist (AbstractStore).
- Use of ReadWrite locks (everything withLockedFileForRead or withLockedFileForWrite)
- Caching of JAXB Context (TypedStoreContext.java)
- Avoid unnecessary writes to the UserGroupCache

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-03-02 11:05:04 +01:00
Rene Pfeuffer
8cef21e32c With this change, the creation of API keys will throw an error if one tries to create a new API key. To make this error distinguishable from other errors, we use a 404 (not found) in this case (a 409 would be indistinguishable from a "real" conflict, 401 or 403 could be misleading). Doing this, the cli client can print better error messages.
In addition, this removes the links to API keys in user hal objects, when API keys are disabled.

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-02-28 10:01:27 +01:00
Rene Pfeuffer
e1b107849e Permission Overview
Adds an overview of the permissions of a user including its groups. To do so, a new cache is introduced that stores the groups of a user, when the user is authenticated. In doing so, SCM-Manager can also list groups assigned by external authentication plugins such as LDAP. On the other hand, the user has to have been logged in at least once to get external groups, and even then the cached groups may be out of date when the overview is created. Internal groups will always be added correctly, nonetheless.

Due to the cache, another problem arised: On some logins, the xml dao for the cache failed to be read, because it was read and written at the same time. To fix this, a more thorough synchronization of the stores has been implemented.

Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2023-02-09 10:29:05 +01:00
Eduard Heimbuch
ac419daa3f Add ConfigurationAdapterBase and extension points for trash bin
Adds the new abstract class ConfigurationAdapterBase to simplify the creation of global configuration views. In addition there is some cleanup, interfaces and extension points for the repository trash bin plugin.

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-01-13 13:08:51 +01:00
Rene Pfeuffer
f2f2f29791 Render images from repository correctly
This adds a markdown renderer for images, so that images
that are referenced by their repository path are resolved
correctly. In this case, the content rest endpoint is
rendered as source url. For this, two new contexts
(RepositoryContext and RepositoryRevisionContext)
have been added, that make the repository and the
current revision available, so that the content url can
be resolved properly. These new contexts may be used
by plugins like the scm-readme-plugin.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>

Reviewed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-12-19 10:12:01 +01:00
Rene Pfeuffer
6ba792e5bc Adds a new extension point repository.overview.listOptions that can be used to set the page size, whether to list archived repositories or not and potentially other options for the repository overview. If no extension is bound, the default values will be used.
Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-12-15 11:16:01 +01:00
Konstantin Schaper
7b933c6821 Improve plugin center error feedback and cache invalidation (#2147)
The plugin center cache was not invalidated when the proxy configuration was changed in the global settings. This caused stale and inconsistent state to be displayed to the user while there was no feedback that something was wrong.
2022-11-04 11:49:08 +01:00
René Pfeuffer
a009ce9397 Fix clone of git repositories with lfs files via ssh (#2144)
Cloning repositories with LFS data via ssh requires the creation of access tokens using a subject authenticated with an already scoped token (the first scoped token is created by the ssh lfs authentication command; with this token the further requests are issued which will create further tokens for the individual lfs download requests). This failed, because such a creation was rejected without further checks. Now we test, whether the requested scope is permitted by the current scope.
2022-10-28 10:31:47 +02:00
René Pfeuffer
54081ccdc6 Git import with lfs support (#2133)
This adds the possibility to load files managed by lfs to the repository import of git repositories.

Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2022-10-25 09:14:40 +02:00
Eduard Heimbuch
8db2e76ecc Resolve plugin installation conflict were the same plugin was tried to be installed multiple times for one single action. (#2138)
The pending queue is updated after all the plugins to be installed are collected, and then we already may have duplicate entries. Because of this we check right on the collecting step if the plugin was already added during this single action.
2022-10-20 20:38:58 +02:00
Konstantin Schaper
fe82c967b8 Fix creating a repository permission without a name breaking the repository (#2126)
If a POST request is submitted to the rest api for repostory permissions, the regex validator ignores the name field if it is null, which leads to an internal server error and breaks any further attempts to interact with that repository. An additional not-null constraint resolves this problem.
2022-09-30 10:27:41 +02:00
Eduard Heimbuch
6f2be13197 Introduce NoOpIndexReader to handle missing indexes without errors (#2113)
We stumbled upon errors accessing index from plugins which were not yet initialized. To prevent this errors we use our own No-Op IndexReader for missing indices.
2022-09-06 10:06:17 +02:00
Konstantin Schaper
56ace2811b Implement reindex mechanism for search (#2104)
Adds a new button to repository settings to allow users to manually delete and re-create search indices. The actual re-indexing is happening in plugins that subscribe to the newly created event.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-08-17 13:22:34 +02:00
Eduard Heimbuch
550ebefd93 Context sensitive search (#2102)
Extend global search to search context-sensitive in repositories and namespaces.
2022-08-04 12:14:46 +02:00
Eduard Heimbuch
4e220b5254 Implement more plugin list commands (#2094)
Implement commands to list available plugins and installed plugins separately.

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2022-07-28 14:30:55 +02:00
René Pfeuffer
67a9dce7e6 Add namespace cli commands (#2093)
Adds the CLI commands that are available to handle repository permissions on repositories for namespaces.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-07-26 09:58:00 +02:00
Eduard Heimbuch
049b5ba54c Add CLI commands for global permission management (#2091)
Add CLI commands for permission management for users and groups.

Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2022-07-21 09:56:47 +02:00
René Pfeuffer
3b4b1a1767 Add cli commands to modify repository permissions (#2090)
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2022-07-20 09:17:14 +02:00
Eduard Heimbuch
fc28da90b3 Enable plugin management via CLI (#2087)
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2022-07-19 09:02:00 +02:00
Eduard Heimbuch
67c083ee54 Reduce code smells (#2089)
Reduce code smells found by deepsource.io. We focused on the low-hanging fruits and not breaking any api.
2022-07-15 15:33:37 +02:00
René Pfeuffer
f61d0c113f Always encrypt password (#2085)
First, we make "encryptPassword" in the PasswordService
idempotent, so that the method will not change the password
when the method is called with an already encrypted string.
Then, in the user manager, we will always call this method
to encrypt the password, if this is not already the case.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-07-15 15:02:52 +02:00
René Pfeuffer
d7943a0551 Fix plugin wizard for foreign languages (#2086)
This fixes the plugin wizard, that throws a NullPointerException for other languages then Englisch or German.
2022-07-13 09:28:56 +02:00
Florian Scholdei
f3f19426c8 Unify password validation (#2077)
Passwords should be checked when created or changed in the frontend just as they are in the backend for REST and CLI.
Also extend the password validation to allow upto 1024 characters instead of 32.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-07-07 11:19:51 +02:00
Eduard Heimbuch
e3e6bbed7c Encrypt user password via CLI (#2080) 2022-07-06 14:03:56 +02:00
Florian Scholdei
5267a0556a Remove branch validation on overview (#2064)
Branches that have already been checked as valid should not be displayed as faulty on branch overview.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2022-06-09 07:30:46 +02:00
Eduard Heimbuch
084fe9e2ae Add api to overwrite content type resolver (#2051)
Introduce content type resolver extension to provide
custom content types for specific file extensions.
2022-06-07 11:02:56 +02:00
Konstantin Schaper
1b18191c57 Add plugin wizard initialization step (#2045)
Adds a new initialization step after setting up the initial administration account that allows administrators to initialize the instance with a selection of plugin sets.

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
2022-05-31 15:15:30 +02:00
Florian Scholdei
6216945f0d Notify user about results of manually executed health check (#2044)
When manually starting health checks, the user should always receive a notification about the status, whether successful or not.
2022-05-25 09:30:45 +02:00
Eduard Heimbuch
8f0facf394 Order repo info extensions (#2041)
Set order priority for repository information extensions.
Also add new annotation to set custom resource bundles for cli commands.
2022-05-23 15:06:08 +02:00
Matthias Thieroff
8981a98064 Fix language specific CLI problems (#2042)
Unit tests which deal with translated text need to be specific about
the language the test should use. Otherwise system default gets used
which may lead to problems. Also line endings may be a problem on
different OS.
This fixes two of the above issues.
2022-05-20 10:58:21 +02:00
Eduard Heimbuch
1c540e1fbd Sort CLI commands alphabetically (#2020)
Sort CLI commands alphabetically to show them in consistent order.
2022-05-04 09:36:01 +02:00
Eduard Heimbuch
77046bb6fd Throw error if repo is created with not supported type (#2019)
Throw error if repository is created with not supported type. Currently we only allow git, svn or hg all lowercase.
2022-05-03 16:06:38 +02:00
René Pfeuffer
b8e2ae747a Omit default port in protocol urls (#2014)
This omits the port in the protocol urls when the port is the default port for the protocol.
So if you have your server https://my.scm.net/scm and the repository admin/test, the protocol url is no longer https://my.scm.net:443/scm/repo/admin/test, but simply https://my.scm.net/scm/repo/admin/test without the :443.
2022-04-29 11:57:28 +02:00
Eduard Heimbuch
ca9b20940f Translate cli parameter exceptions (#1997)
Translate CLI parameter exceptions to german. We explictly do not translate the default english exceptions to custom ones since the default messages are more specific/helpful.
2022-04-13 08:47:32 +02:00
René Pfeuffer
d2e81ce121 Add cli commands for users and groups (#1993)
Adds cli commands to manage users and groups.

Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
2022-04-11 10:04:19 +02:00